Computing devices, such as mobile phones or wearable devices, may allow users to change the time on the device. For example, a computing device may allow a user to alter the device's wall clock (i.e., the clock on the mobile device that displays the time to the user). In general, data relating to how and when a user utilizes a computing device can be valuable information to, for example, mobile application developers and software developers. But because the user can manually adjust the wall clock on his device, devices such as servers that receive communications from the computing device cannot trust the timestamps associated with the received communications (e.g., event logs). Further, wall clock changes are more common than one might expect because many games include time-based rewards that sometimes provoke users to set their device clocks ahead.
Receiving devices often mitigate the issues associated with receiving data from untrusted devices by utilizing their own internal time. For example, when a server receives an event log, the server can use its own time as the correct time and then by using the relative difference between the correct time and the time stamped by the untrusted sending device, the server can assign corrected times to the events in the event log. This mitigation method fails, however, if the mobile device user changes the device's time in between the device transmitting event logs to an external computing device. For example, if a computing device goes an extended period without submitting an event log, and the user changes the wall clock during that period, this conventional mitigation method will be ineffective.